Unable to log in using any user account even in safe mode

By KillVirusCoders
Dec 23, 2008
  1. Two days ago I got hit with a combination of a bunch of viruses/trojans/spyware all at once. I had AVG off for a few days (very dumb I know) and SpyBot wasnt really able to stop anything except some BHO entries.

    During that night and the next day I ran AVG, SpyBot, Avast, HJT and MABM, to try and clear whatever it was out. I was unsuccessful as I was never able to install SAS or reinstall Java since I was getting an error that "the administrator has set installation rights preventing this installation."

    Here are the two logs from MABM and HJT I was able to email myself before the computer stopped letting me log in.

    The symptoms I had when the virus hit were multiple popups, fake antivirus warnings, a fake antivirus warning in the task bar, firefox crashing, Windows eventually freezing while in normal mode. I noticed multiple random dlls being placed in system32, processes such as two instances of tinyproxy.exe running, searchin1.exe, a bunch of rundll.exe. I think I was infected through an Adobe Acrobat exploit as I remember when the popups were hitting I opened the task manager and saw Acrobat with very high CPU usage.

    Some of the viruses I saw AVG/Spybot recognize were Virtumonde, Smitfraud, InternetSpeedMonitor, VirusTrigger, Zlob (saw in MBAM I think), and possibly a virus W32 Agent or something similar.

    Since I cant log in at all now I am getting ready to take the HDDs out and install windows on a new one (I was able to backup some stuff to an external HDD earlier). I've been planning to do this since before I had the virus but now its forcing me.

    Are there any precautions I should take when putting the new HDD in and installing windows? Is it possible for the virus to hide in the memory or another non-HDD part of the computer and then infect the new HDD? What about the external HDD I used? It was plugged in when the virus hit but I see no files on it that make me think it is infected.

    Thanks for any help you can provide.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...